It is difficult to answer that question. It does not have to do with the willingness or desire of companies to abide by the law; instead, it has to do with the fact that in situations, where the law is soft, it will be bent all the way. That's normal. It is done to do business effectively.
However, in the case of Nexopia, Facebook or CIPPIC, some people still have problems. In terms of Facebook, we have noticed that data breaches were connected to some applications. But the position of the company is to say that it is not responsible because third parties are involved. That problem has still not been solved, I believe.
To solve problems, the legislation basically has to be clarified and implemented.